This specification relates to malware protection software, and more particularly to preventing and responding to an attempt to disable malware protection software.
Malware is any kind of malicious software such as, for example, a computer virus, Trojan horse, spyware, and malicious active content. Malware can spread via infected email attachments, shared files, or malicious websites. Malware attaches to files so that, when an infected file executes, the malware also executes and, for example, self-replicates without user knowledge or permission. Other malware targets a computer's memory and infects files as the computer opens, modifies, or creates files. Some malware, e.g., key capture software or monitoring software, can lie dormant and not show any signs of existence.
Malware protection software generally operates by scanning a computer's memory and disk drives or monitoring network traffic for malicious code. Some malware can disable or otherwise attack or infect the malware protection software itself. If such malware attacks are not detected by the malware protection software, the malware protection software becomes compromised and the malware causes further damage to the system, such as infecting system files, downloading and installing other malware, stealing confidential information, etc. Even if the attempt to disable the malware protection software is prevented, the malware protection software may fail to prevent the malware from causing further damage to the system.